Redundant and irrelevant features in data have caused a long-term problem in network traffic classification. These features not only slow down the process of classification but also prevent a classifier from making accurate decisions, especially when coping with big data. In this paper, we propose a mutual information based algorithm that analytically selects the optimal feature for classification. This mutual information based feature selection algorithm can handle linearly and nonlinearly dependent data features. Its effectiveness is evaluated in the cases of network intrusion detection. An Intrusion Detection System (IDS), named Least Square Support Vector Machine based IDS (LSSVM-IDS), is built using the features selected by our proposed feature selection algorithm. The performance of LSSVM-IDS is evaluated using three intrusion detection evaluation datasets, namely KDD Cup 99, NSL-KDD and Kyoto 2006+ dataset. The evaluation results show that our feature selection algorithm contributes more critical features for LSSVM-IDS to achieve better accuracy and lower computational cost compared with the state-of-the-art methods.

en_US

dc.publisher: IEEE [en_US]
dc.relation.ispartof: IEEE Transactions on Computers [en_US]
dc.relation.isbasedon: 10.1109/TC.2016.2519914 [en_US]
dc.subject.classification: Computer Hardware & Architecture [en_US]
dc.title: Building an intrusion detection system using a filter-based feature selection algorithm [en_US]
dc.type: Journal Article
utslib.description.version: Published [en_US]
utslib.citation.volume: 10 [en_US]
utslib.citation.volume: 65 [en_US]
utslib.for: 0803 Computer Software [en_US]
utslib.for: 0805 Distributed Computing [en_US]
utslib.for: 1006 Computer Hardware [en_US]
pubs.embargo.period: Not known [en_US]
pubs.organisational-group: /University of Technology Sydney
pubs.organisational-group: /University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group: /University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
